Network appliance to get highest-ever security rating

Related Links

A Tenix Datagate network appliance that protects classified information will become the first product in the world to receive the highest security certification from the National Information Assurance Partnership, company officials said Sept. 26.

The partnership is scheduled to award Tenix a Common Criteria Evaluation Assurance Level (EAL) of 7 today for the company’s Data Diode, said Justin Jolly, senior technical consultant for Tenix America, a U.S. subsidiary of the Australian company.

Placed at each connection between unclassified and classified servers, Data Diode permits only one-way transmission of data from unclassified to classified networks, Jolly said.

The partnership gave the device an EAL 7 rating because it had already earned the highest European Information Technology Security Evaluation Criteria rating, Jolly said. In addition, “it’s physically impossible for data to go back the other way,” which ensures unparalleled security, he said.

The partnership is also expected to award Tenix an EAL 5+ rating for its Keyboard Switch, which allows keyboards, mice and monitors to be used on both unclassified and secure networks, Jolly said.

Keyboard Switch is put on every computer that accesses either type of network, Jolly said. Users manually switch between classified and unclassified networks, and at no time does the switch span both of them, which protects data, he said.

The switch also permits users to work in both environments simultaneously and copy unclassified data into a classified file, Jolly said. For instance, a person can watch a video clip on the Internet and copy and paste it into an open secret document.

The switch is only getting an EAL 5+ rating because the National Security Agency, which evaluates all products rated at EAL 4 and above, said there is a slight chance that the keyboard’s buffer could retain classified data, Jolly said. Nonetheless, an EAL 5+ is still a respectable security rating, he added.

An initiative of NSA and the National Institute of Standards and Technology, the partnership’s goal is to increase users’ trust in their information systems through security testing, evaluation and validation programs.